From f442c6877c707ac7acfdc4eb58d067a999e9d63d Mon Sep 17 00:00:00 2001 From: jinlun Date: Wed, 15 Feb 2023 14:15:41 +0800 Subject: [PATCH] backport bugfix from upstream (cherry picked from commit 43a82f031f3f216969ba3baa2053109752f7a311) --- ...port-libsepol-add-missing-oom-checks.patch | 77 ++++++++++++ ...LL-dereference-on-optional-parameter.patch | 32 +++++ ...bsepol-check-correct-pointer-for-oom.patch | 34 ++++++ ...ol-do-not-modify-policy-during-write.patch | 49 ++++++++ ...and-replacement-lists-in-parentheses.patch | 113 ++++++++++++++++++ ...le-quotes-in-typetransition-CIL-rule.patch | 33 +++++ libsepol.spec | 11 +- 7 files changed, 348 insertions(+), 1 deletion(-) create mode 100644 backport-libsepol-add-missing-oom-checks.patch create mode 100644 backport-libsepol-avoid-potential-NULL-dereference-on-optional-parameter.patch create mode 100644 backport-libsepol-check-correct-pointer-for-oom.patch create mode 100644 backport-libsepol-do-not-modify-policy-during-write.patch create mode 100644 backport-libsepol-enclose-macro-parameters-and-replacement-lists-in-parentheses.patch create mode 100644 backport-libsepol-fix-missing-double-quotes-in-typetransition-CIL-rule.patch diff --git a/backport-libsepol-add-missing-oom-checks.patch b/backport-libsepol-add-missing-oom-checks.patch new file mode 100644 index 0000000..840e9df --- /dev/null +++ b/backport-libsepol-add-missing-oom-checks.patch 
@@ -0,0 +1,77 @@ +From 0233e4f6d59a96b759e32661a20be4bbadb374a4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Thu, 31 Mar 2022 16:44:52 +0200 +Subject: [PATCH] libsepol: add missing oom checks +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Check return values of memory allocation functions and propagate their +failure. + +Signed-off-by: Christian Göttsche +Acked-by: James Carter +--- + src/kernel_to_cil.c | 5 +++++ + src/module_to_cil.c | 7 +++++++ + src/policydb.c | 3 ++- + 3 files changed, 14 insertions(+), 1 deletion(-) + +diff --git a/src/kernel_to_cil.c b/src/kernel_to_cil.c +index d4dee8d..ef6161c 100644 +--- a/libsepol/src/kernel_to_cil.c ++++ b/libsepol/src/kernel_to_cil.c +@@ -555,6 +555,11 @@ static int write_sids_to_cil(FILE *out, const char *const *sid_to_str, + } else { + snprintf(unknown, 18, "%s%u", "UNKNOWN", i); + sid = strdup(unknown); ++ if (!sid) { ++ sepol_log_err("Out of memory"); ++ rc = -1; ++ goto exit; ++ } + } + rc = strs_add_at_index(strs, sid, i); + if (rc != 0) { +diff --git a/src/module_to_cil.c b/src/module_to_cil.c +index 3e17018..5027fb7 100644 +--- a/libsepol/src/module_to_cil.c ++++ b/libsepol/src/module_to_cil.c +@@ -391,6 +391,8 @@ static int typealias_list_create(struct policydb *pdb) + } + + typealias_lists = calloc(max_decl_id + 1, sizeof(*typealias_lists)); ++ if (!typealias_lists) ++ goto exit; + typealias_lists_len = max_decl_id + 1; + + rc = hashtab_map(pdb->p_types.table, typealiases_gather_map, pdb); +@@ -2551,6 +2553,11 @@ static int ocontext_isid_to_cil(struct policydb *pdb, const char *const *sid_to_ + goto exit; + } + item->sid_key = strdup(sid); ++ if (!item->sid_key) { ++ log_err("Out of memory"); ++ rc = -1; ++ goto exit; ++ } + item->next = head; + head = item; + } +diff --git a/src/policydb.c b/src/policydb.c +index 3992ea5..982bc23 100644 +--- a/libsepol/src/policydb.c ++++ b/libsepol/src/policydb.c +@@ -1248,7 +1248,8 @@ int 
policydb_index_others(sepol_handle_t * handle, + if (!p->type_val_to_struct) + return -1; + +- cond_init_bool_indexes(p); ++ if (cond_init_bool_indexes(p)) ++ return -1; + + for (i = SYM_ROLES; i < SYM_NUM; i++) { + free(p->sym_val_to_name[i]); +-- +2.27.0 + diff --git a/backport-libsepol-avoid-potential-NULL-dereference-on-optional-parameter.patch b/backport-libsepol-avoid-potential-NULL-dereference-on-optional-parameter.patch new file mode 100644 index 0000000..2d7f041 --- /dev/null +++ b/backport-libsepol-avoid-potential-NULL-dereference-on-optional-parameter.patch @@ -0,0 +1,32 @@ +From f505a73b06302ba5e84f8c56851121d4a410c1ea Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Fri, 10 Jun 2022 17:06:23 +0200 +Subject: [PATCH] libsepol: avoid potential NULL dereference on optional + parameter +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The parameter `reason` of `context_struct_compute_av()` is optional and +can be passed in as NULL, like from `type_attribute_bounds_av()`. + +Signed-off-by: Christian Göttsche +Acked-by: James Carter +--- + libsepol/src/services.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libsepol/src/services.c b/libsepol/src/services.c +index d7510e9da..24412d837 100644 +--- a/libsepol/src/services.c ++++ b/libsepol/src/services.c +@@ -894,7 +894,8 @@ static void type_attribute_bounds_av(context_struct_t *scontext, + /* mask violated permissions */ + avd->allowed &= ~masked; + +- *reason |= SEPOL_COMPUTEAV_BOUNDS; ++ if (reason) ++ *reason |= SEPOL_COMPUTEAV_BOUNDS; + } + + /* diff --git a/backport-libsepol-check-correct-pointer-for-oom.patch b/backport-libsepol-check-correct-pointer-for-oom.patch new file mode 100644 index 0000000..20f8e17 --- /dev/null +++ b/backport-libsepol-check-correct-pointer-for-oom.patch 
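Review bot: The kernel_to_cil.c, module_to_cil.c and policydb.c headers inside this patch are internally inconsistent: `diff --git a/src/kernel_to_cil.c b/src/kernel_to_cil.c` and the diffstat say `src/…`, while the `---`/`+++` lines that follow say `libsepol/src/…`, which is what the other five backports use throughout. `patch(1)` only reads the `---`/`+++` paths, so this applies at the same strip level as the rest, but `git apply`/`git am` compare the two and fail with an "inconsistent old filename" error, so the `diff --git`/`index` lines should be regenerated rather than left hand-edited. Separately, the new `if (!typealias_lists) goto exit;` in typealias_list_create neither logs nor assigns `rc`, unlike the other two new checks that do `log_err("Out of memory"); rc = -1;`; confirm `rc` already holds -1 at that point (the function start is outside the hunk) or make the site match the others.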
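Review bot: The added `if (reason)` guard encodes a contract that nothing at the definition states: `reason` is optional and may be NULL. Since the start of type_attribute_bounds_av is outside this hunk, put a comment on the parameter there, e.g. `/* reason: optional (may be NULL); SEPOL_COMPUTEAV_BOUNDS is OR-ed in when given */`, so the next write to `*reason` is not added unguarded. The visible ordering also bounds the impact: `avd->allowed &= ~masked;` runs before the write, so the access decision was already correct and a NULL `reason` only crashed the caller. Any other unconditional `*reason |= …` on the path from context_struct_compute_av (not visible here) would need the same guard; worth a grep before merging.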
@@ -0,0 +1,34 @@ +From 68a29c3aee60a6dd4e0d435fc10adb0f2cc1c0ef Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Fri, 8 Apr 2022 15:10:51 +0200 +Subject: [PATCH] libsepol: check correct pointer for oom +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Check the actual pointer which memory was assigned to, not its parent +array pointer. + + services.c:810:14: warning: Assigned value is garbage or undefined [core.uninitialized.Assign] + **r_buf = **new_buf; + ^ ~~~~~~~~~ + +Acked-by: James Carter +Signed-off-by: Christian Göttsche +--- + libsepol/src/services.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libsepol/src/services.c b/libsepol/src/services.c +index 47e564df4..d7510e9da 100644 +--- a/libsepol/src/services.c ++++ b/libsepol/src/services.c +@@ -803,7 +803,7 @@ static int constraint_expr_eval_reason(context_struct_t *scontext, + if (len < 0 || len >= reason_buf_len - reason_buf_used) { + new_buf_len = reason_buf_len + REASON_BUF_SIZE; + *new_buf = realloc(*r_buf, new_buf_len); +- if (!new_buf) { ++ if (!*new_buf) { + ERR(NULL, "failed to realloc reason buffer"); + goto out1; + } diff --git a/backport-libsepol-do-not-modify-policy-during-write.patch b/backport-libsepol-do-not-modify-policy-during-write.patch new file mode 100644 index 0000000..c2f0366 --- /dev/null +++ b/backport-libsepol-do-not-modify-policy-during-write.patch 
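Review bot: Testing `*new_buf` fixes the wrong-pointer check, but the realloc still stores its result directly in `*new_buf`, which the `**r_buf = **new_buf` line quoted in the message suggests aliases the caller's `*r_buf`; if so, a failed realloc has already replaced the caller's pointer with NULL and the old reason buffer leaks unless `out1` still frees it through another reference (the function start and the `out1` label are outside the hunk). The conventional shape is `char *tmp = realloc(*r_buf, new_buf_len); if (!tmp) { ERR(NULL, "failed to realloc reason buffer"); goto out1; } *r_buf = tmp;`, which keeps the original buffer valid and freeable on failure.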
@@ -0,0 +1,49 @@ +From 2651989d3b94dd15459fbef4384f114b24850665 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Thu, 30 Jun 2022 19:03:01 +0200 +Subject: [PATCH] libsepol: do not modify policy during write +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not modify the in memory default_range value of a class datum while +writing a policy. + +While on it fix indentation. + +Signed-off-by: Christian Göttsche +Acked-by: James Carter +--- + libsepol/src/write.c | 16 +++++++++------- + 1 file changed, 9 insertions(+), 7 deletions(-) + +diff --git a/libsepol/src/write.c b/libsepol/src/write.c +index 48ed21ea6..a9fdf93a8 100644 +--- a/libsepol/src/write.c ++++ b/libsepol/src/write.c +@@ -1097,16 +1097,18 @@ static int class_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr) + p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) || + (p->policy_type == POLICY_BASE && + p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) { ++ char default_range = cladatum->default_range; ++ + buf[0] = cpu_to_le32(cladatum->default_user); + buf[1] = cpu_to_le32(cladatum->default_role); +- if (!glblub_version && cladatum->default_range == DEFAULT_GLBLUB) { ++ if (!glblub_version && default_range == DEFAULT_GLBLUB) { + WARN(fp->handle, +- "class %s default_range set to GLBLUB but policy version is %d (%d required), discarding", +- p->p_class_val_to_name[cladatum->s.value - 1], p->policyvers, +- p->policy_type == POLICY_KERN? POLICYDB_VERSION_GLBLUB:MOD_POLICYDB_VERSION_GLBLUB); +- cladatum->default_range = 0; +- } +- buf[2] = cpu_to_le32(cladatum->default_range); ++ "class %s default_range set to GLBLUB but policy version is %d (%d required), discarding", ++ p->p_class_val_to_name[cladatum->s.value - 1], p->policyvers, ++ p->policy_type == POLICY_KERN? 
POLICYDB_VERSION_GLBLUB:MOD_POLICYDB_VERSION_GLBLUB); ++ default_range = 0; ++ } ++ buf[2] = cpu_to_le32(default_range); + items = put_entry(buf, sizeof(uint32_t), 3, fp); + if (items != 3) + return POLICYDB_ERROR; diff --git a/backport-libsepol-enclose-macro-parameters-and-replacement-lists-in-parentheses.patch b/backport-libsepol-enclose-macro-parameters-and-replacement-lists-in-parentheses.patch new file mode 100644 index 0000000..797f15b --- /dev/null +++ b/backport-libsepol-enclose-macro-parameters-and-replacement-lists-in-parentheses.patch 
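Review bot: The local copy `char default_range = cladatum->default_range;` is the whole fix, but nothing says why the field is no longer written back, so a later cleanup could easily fold it away again; add a comment above it such as `/* Work on a copy: class_write() must not mutate the in-memory policydb; only the serialized value is downgraded. */`. The WARN text still says "discarding", which after this change describes only the written file rather than the policy object; "writing 0 instead" would be more accurate. The local is `char`, presumably mirroring the field's type, and is then passed to `cpu_to_le32()`; valid values are small non-negative constants so this is fine, but a `uint32_t` local would sidestep any signed-char promotion question.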
@@ -0,0 +1,113 @@ +From 65b3f695be306ad8f525d4db2befd55336bd0a09 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Wed, 13 Jul 2022 15:43:43 +0200 +Subject: [PATCH] libsepol: enclose macro parameters and replacement lists in + parentheses +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Christian Göttsche +Acked-by: James Carter +--- + libsepol/include/sepol/errcodes.h | 13 ++++++------- + libsepol/include/sepol/policydb/policydb.h | 10 +++++----- + libsepol/src/kernel_to_cil.c | 2 +- + libsepol/src/module_to_cil.c | 2 +- + libsepol/src/util.c | 2 +- + 5 files changed, 14 insertions(+), 15 deletions(-) + +diff --git a/libsepol/include/sepol/errcodes.h b/libsepol/include/sepol/errcodes.h +index 6e9ff3161..e5fe71e36 100644 +--- a/libsepol/include/sepol/errcodes.h ++++ b/libsepol/include/sepol/errcodes.h +@@ -16,15 +16,14 @@ extern "C" { + * codes that don't map to system error codes should be defined + * outside of the range of system error codes. 
+ */ +-#define SEPOL_ERR -1 +-#define SEPOL_ENOTSUP -2 /* feature not supported in module language */ +-#define SEPOL_EREQ -3 /* requirements not met */ ++#define SEPOL_ERR (-1) ++#define SEPOL_ENOTSUP (-2) /* feature not supported in module language */ ++#define SEPOL_EREQ (-3) /* requirements not met */ + + /* Error codes that map to system error codes */ +-#define SEPOL_ENOMEM -ENOMEM +-#define SEPOL_ERANGE -ERANGE +-#define SEPOL_EEXIST -EEXIST +-#define SEPOL_ENOENT -ENOENT ++#define SEPOL_ENOMEM (-ENOMEM) ++#define SEPOL_EEXIST (-EEXIST) ++#define SEPOL_ENOENT (-ENOENT) + + #ifdef __cplusplus + } +diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h +index de0068a6c..ef1a014a5 100644 +--- a/libsepol/include/sepol/policydb/policydb.h ++++ b/libsepol/include/sepol/policydb/policydb.h +@@ -251,9 +251,9 @@ typedef struct class_perm_node { + struct class_perm_node *next; + } class_perm_node_t; + +-#define xperm_test(x, p) (1 & (p[x >> 5] >> (x & 0x1f))) +-#define xperm_set(x, p) (p[x >> 5] |= (1 << (x & 0x1f))) +-#define xperm_clear(x, p) (p[x >> 5] &= ~(1 << (x & 0x1f))) ++#define xperm_test(x, p) (1 & ((p)[(x) >> 5] >> ((x) & 0x1f))) ++#define xperm_set(x, p) ((p)[(x) >> 5] |= (1 << ((x) & 0x1f))) ++#define xperm_clear(x, p) ((p)[(x) >> 5] &= ~(1 << ((x) & 0x1f))) + #define EXTENDED_PERMS_LEN 8 + + typedef struct av_extended_perms { +@@ -795,9 +795,9 @@ extern int policydb_set_target_platform(policydb_t *p, int platform); + + #define policydb_has_boundary_feature(p) \ + (((p)->policy_type == POLICY_KERN \ +- && p->policyvers >= POLICYDB_VERSION_BOUNDARY) || \ ++ && (p)->policyvers >= POLICYDB_VERSION_BOUNDARY) || \ + ((p)->policy_type != POLICY_KERN \ +- && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY)) ++ && (p)->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY)) + + /* the config flags related to unknown classes/perms are bits 2 and 3 */ + #define DENY_UNKNOWN SEPOL_DENY_UNKNOWN +diff --git 
a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c +index 9128ac553..5a1336a33 100644 +--- a/libsepol/src/kernel_to_cil.c ++++ b/libsepol/src/kernel_to_cil.c +@@ -1626,7 +1626,7 @@ static int write_type_permissive_rules_to_cil(FILE *out, struct policydb *pdb) + return rc; + } + +-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p)) ++#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p)) + + static char *xperms_to_str(avtab_extended_perms_t *xperms) + { +diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c +index b35bf055f..b900290a7 100644 +--- a/libsepol/src/module_to_cil.c ++++ b/libsepol/src/module_to_cil.c +@@ -624,7 +624,7 @@ static int avrule_to_cil(int indent, struct policydb *pdb, uint32_t type, const + return rc; + } + +-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p)) ++#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p)) + + static int xperms_to_cil(const av_extended_perms_t *xperms) + { +diff --git a/libsepol/src/util.c b/libsepol/src/util.c +index 1cd1308d1..0a2edc852 100644 +--- a/libsepol/src/util.c ++++ b/libsepol/src/util.c +@@ -124,7 +124,7 @@ char *sepol_av_to_string(policydb_t * policydbp, uint32_t tclass, + return avbuf; + } + +-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p)) ++#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p)) + + char *sepol_extended_perms_to_string(avtab_extended_perms_t *xperms) + { diff --git a/backport-libsepol-fix-missing-double-quotes-in-typetransition-CIL-rule.patch b/backport-libsepol-fix-missing-double-quotes-in-typetransition-CIL-rule.patch new file mode 100644 index 0000000..26774c5 --- /dev/null +++ b/backport-libsepol-fix-missing-double-quotes-in-typetransition-CIL-rule.patch 
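Review bot: The errcodes.h hunk silently drops `SEPOL_ERANGE`: the removed side lists four system-mapped codes (`SEPOL_ENOMEM`, `SEPOL_ERANGE`, `SEPOL_EEXIST`, `SEPOL_ENOENT`) and the added side only three, while the subject describes nothing but adding parentheses. `sepol/errcodes.h` is an installed public header, so losing the macro breaks any out-of-tree consumer that references it; restore `#define SEPOL_ERANGE (-ERANGE)` between `SEPOL_ENOMEM` and `SEPOL_EEXIST`, unless the removal is deliberate, in which case the message should say so. While these macros are being touched, `xperm_set`/`xperm_clear` still shift a signed `1` by up to 31 (`1 << ((x) & 0x1f)`), which is undefined behaviour for bit 31 in C11; `1U << ((x) & 0x1f)` avoids that.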
@@ -0,0 +1,33 @@ +From eca72d8e47ac8b962f87c46aa77fb893aa0df0f8 Mon Sep 17 00:00:00 2001 +From: Juraj Marcin +Date: Thu, 25 Aug 2022 15:27:18 +0200 +Subject: [PATCH] libsepol: fix missing double quotes in typetransition CIL + rule + +CIL Reference Guide defines typetransition rule with double quotes +around object name, but those are not present in the format string. + +This patch fixes this issue, so the CIL output produced by +sepol_kernel_policydb_to_cil() is in the correct format. + +Signed-off-by: Juraj Marcin +--- + libsepol/src/kernel_to_cil.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c +index 5a1336a330..ad4121d50a 100644 +--- a/libsepol/src/kernel_to_cil.c ++++ b/libsepol/src/kernel_to_cil.c +@@ -1854,7 +1854,7 @@ static int map_filename_trans_to_str(hashtab_key_t key, void *data, void *arg) + filename = ft->name; + new = pdb->p_type_val_to_name[datum->otype - 1]; + +- return strs_create_and_add(strs, "(typetransition %s %s %s %s %s)", 5, ++ return strs_create_and_add(strs, "(typetransition %s %s %s \"%s\" %s)", 5, + src, tgt, class, filename, new); + } + +-- +2.27.0 + diff --git a/libsepol.spec b/libsepol.spec index b841ab4..d7411ca 100644 --- a/libsepol.spec +++ b/libsepol.spec @@ -1,6 +1,6 @@ Name: libsepol Version: 3.1 -Release: 9 +Release: 10 Summary: SELinux binary policy manipulation library License: LGPLv2+ URL: https://github.com/SELinuxProject/selinux/wiki/Releases 
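Review bot: Quoting `%s` makes the rule read as a CIL string, but `filename` (`ft->name`, taken from the loaded policy) is substituted verbatim, so a name containing `"` yields a malformed rule, and for a policy from an untrusted source a name like `x" t1 t2 c "y` could inject extra tokens into the regenerated CIL. Unless such characters are rejected when the policy is read (not visible from this hunk), validate or escape `filename` here before formatting, and the same check applies to any other quoted strings kernel_to_cil.c emits. The start of map_filename_trans_to_str is outside the hunk.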
@@ -54,6 +54,12 @@ Patch44: backport-libsepol-cil-Reorder-checks-for-invalid-rules-when-b.pa Patch45: backport-libsepol-cil-Cleanup-build-AST-helper-functions.patch Patch46: backport-libsepol-cil-Create-new-first-child-helper-function-.patch Patch47: backport-CVE-2021-36087.patch +Patch48: backport-libsepol-avoid-potential-NULL-dereference-on-optional-parameter.patch +Patch49: backport-libsepol-check-correct-pointer-for-oom.patch +Patch50: backport-libsepol-do-not-modify-policy-during-write.patch +Patch51: backport-libsepol-enclose-macro-parameters-and-replacement-lists-in-parentheses.patch +Patch52: backport-libsepol-fix-missing-double-quotes-in-typetransition-CIL-rule.patch +Patch53: backport-libsepol-add-missing-oom-checks.patch BuildRequires: gcc flex @@ -113,6 +119,9 @@ make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" install %{_mandir}/man3/* %changelog +* Wed Feb 15 2023 jinlun - 3.1-10 +- backport bugfix from upstream + * Thu Dec 15 2022 jinlun - 3.1-9 - fix CVE-2021-36084 CVE-2021-36085 CVE-2021-36087
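Review bot: The changelog line `- backport bugfix from upstream` does not say which fixes 3.1-10 contains, so a later reader cannot tell from the spec whether a given upstream fix is present without opening each patch; name them, e.g. `- backport upstream fixes: missing OOM checks, NULL deref on optional reason, realloc pointer check, no policy mutation during write, macro parenthesisation, typetransition CIL quoting`. The six patches are also numbered out of chronological order (Patch53 is the oldest, March 2022) and Patch51 and Patch53 both touch kernel_to_cil.c and module_to_cil.c; their hunks look disjoint, but the apply order should be confirmed by a build rather than assumed.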